Bypass application control - what is the best way

jcrower · ‎04-26-2022

Hi all,

We have a FortiGate 81f running FortiOS 7.0.5.

We have Application Control running that blocks proxy and vpn, which we want.

We do however have one internal device (static IP) that we need to connect via vpn to an external ip. We also have another internal device that requires connection to an external proxy.

What is the best way to allow an internal ip to use vpn or proxy to contact an external ip? Custom IPS signature?

thanks

jc

seshuganesh · ‎04-26-2022

Hi Team,

The best way is to create one more application control and create one firewall policy on top for these two users and keep the firewall policy on top.

This should be fine.

View solution in original post

seshuganesh · ‎04-26-2022

Hi Team,

The best way is to create one more application control and create one firewall policy on top for these two users and keep the firewall policy on top.

This should be fine.

jcrower · ‎05-01-2022

Thanks.

So to clarify, will creating one firewall policy for both allow me to specify that only internal IP aaa.aaa.aaa.aaa can use OpenVPN to connect to external IP bbb.bbb.bbb.bbb and that only internal IP yyy.yyy.yyy.yyy can connect to proxy zzz.zzz.zzz.zzz?

I don't want to allow IP yyy.yyy.yyy.yyy to be able to use OpenVPN for instance.

thanks

jcrower · ‎07-04-2022

Hi seshuganesh,

Soryy, forgot I asked this. I have set up the firewall rule as suggested and all good!

Bypass application control - what is the best way

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website